Massive DDoS attacks target Estonia; Russia accused

A massive cyber-attack breaks out in Estonia as widespread DDoS attacks bring …

Cyber-warfare on an unprecedented scale has hammered Estonian web sites for the last two weeks in the aftermath of the government's controversial decision to relocate a Soviet-era war monument from the center of Tallinn to the suburbs. Two days of rioting by ethnic Russians, who saw this as an attack on their heritage and on minority rights, quickly transitioned from the real to the virtual world, as government web sites came under DDoS attacks so severe that many agencies shut off access to IP addresses outside Estonia for several days.

The debate and its aftermath are well covered by Radio Free Europe, but the Internet aspect of the controversy took a few days to emerge. A Helsinki paper gave some details this week, as did an Economist article in this week's print edition. The Economist piece quoted a senior official in Brussels who questioned whether a cyber-attack should be counted as a military act. "If the member state's communications center is attacked with a missile," said the source, "you call it an act of war. So what do you do if the same installation is disabled with a cyber-attack?" A spokesman for Estonia's defense ministry likens the attacks against his country to the September 11 attacks in the US.

That's because some analysts and Estonian authorities are claiming that the attacks originate within Russia, and come from Russian government IP addresses. Prime Minister Andrus Ansip told his country several days ago that "the continuing cyber-attacks from the servers of Russian state authorities, together with tearing the Estonian flag off our embassy and together with statements made by the delegates of the Russian Duma, calling for the change of government in Estonia, indicates that our sovereign state is under a heavy attack."

Ansip was referencing a bizarre situation in Moscow where a student group allied to the Kremlin attacked Estonia's embassy, and the ambassador was allowed to leave for a "holiday" only after protests from the US, the EU, and NATO. A Russian leader in the Duma also called for the Estonian government to resign—chilling words in a small country dominated by Russia for decades. The European Parliament also discussed the issue last Wednesday, wtih President Hans-Gert Pöttering saying that "it is unusual in Europe to demand the resignation of the democratically elected government of a neighbouring country. It is unthinkable in Europe to disregard the Vienna Convention on the protection of diplomatic representations."

Estonia asserts that Russians were behind the attacks, but Mikko Hyppönen of F-Secure, a Finnish security company, isn't fully convinced. He told Helsingin Sanomat, "In practice there is just one IP address that leads to a government computer. It is of course possible that an attack was launched from there, too, but the person behind it could be anyone, from the son of some ministerial janitor upwards." And full-scale DDoS attacks can originate from botnets of machines around the world, making the controller almost impossible to locate.

In addition to the Internet attacks, Russia suspended certain rail deliveries of raw materials and passenger service between Tallinn and St. Petersburg, but those limited sanctions appear to be ending, and Russia still plans to go ahead with a Russia/EU summit this week.

The scale of the Internet assault has certainly caught the attention of Western military planners, though, who will no doubt push for defenses against such attacks to be upgraded in their own countries. The Economist reports that NATO dispatched two observers to Estonia and the Americans sent another in order to "observe the onslaught."